AlienVault OSSIM 'av-centerd' Remote Code Execution

critical Nessus Plugin ID 76193

Synopsis

The remote host is affected by a remote code execution vulnerability.

Description

The remote host is running a version of AlienVault Open Source Security Information Management (OSSIM) that is affected by a remote code execution vulnerability in the 'av-centerd' SOAP service due to a failure to sanitize user input to the 'get_log_line' method. A remote, unauthenticated attacker can exploit this vulnerability to execute arbitrary code with root privileges.

Note that this version is reportedly also affected by other remote code execution vulnerabilities as well as a SQL injection issue.
However, Nessus did not test for these additional issues.

Solution

Upgrade to 4.7.0 or later.

See Also

http://forums.alienvault.com/discussion/2690

https://www.zerodayinitiative.com/advisories/ZDI-14-199/

Plugin Details

Severity: Critical

ID: 76193

File Name: ossim_soap_4_7_0.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 6/23/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:alienvault:open_source_security_information_management

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/6/2014

Vulnerability Publication Date: 6/11/2014

Reference Information

CVE: CVE-2014-3805

BID: 67998